AMENDMENTS TO THE CLAIMS

This listing of claims includes a complete listing of both allowed claims and
amended claims and will replace all prior versions, and listings, of claims in the
application:



Listing of Claims 






1. (Currently amended): A system of establishing a secure link among
multiple users on a single machine with a remote machine, comprising:

a subsystem to filter traffic so that traffic from each user is separate, the
subsystem comprising an Internet Key Exchange (IKE) module and a policy
module, the IKE module adapted to provide User Mode negotiations in order to
establish a secure link among users;

wherein the subsystem generates and associates a Security Association
(SA) with at least one filter corresponding to the user and the traffic and employs
the SA to establish the secure link.

2. (Original): The system of claim 1 being located on the single machine. 

3. (Original): The system of claim 1 being located on the remote machine. 

4. (Cancelled) 

5. (Currently amended): The system of claim 1 [[4]], wherein the policy
module is configured via Internet Protocol Security (IPSEC). 

6. (Original): The system of claim 5, wherein filters are provided from the policy
module in order to filter traffic associated with the single machine and the remote 
machine. 

7. (Original): The system of claim 6, wherein the single machine filter is
associated with a communications port on the single machine. 

8. (Original): The system of claim 7, wherein the remote machine determines 
filters dynamically to communicate with the filters associated with the single machine. 

9. (Cancelled) 



10. (Currently amended): The system of claim 1 [[9]], wherein the User Mode
negotiations utilize keying material derived from Main Mode negotiations in order to
provide the secure link among users.



11. (Original): The system of claim [illegible], wherein the User Mode enables a plurality
of Quick Mode negotiations in order to provide the secure link among users.

12. (Original): The system of claim [illegible], wherein the User Mode negotiation
further comprises an initiator packet including at least one of a user identification
initiator, a security association attribute, a nonce initiator, a proxy source, and a proxy
destination.

13. (Original): The system of claim [illegible], wherein the initiator packet further
comprises a user identification responder.

14. (Original): The system of claim [illegible], wherein the User Mode negotiation
further comprises a responder packet including at least one of a user identification
responder, a security association attribute, and a nonce responder.

15. (Original): The system of claim [illegible], wherein the User Mode enables a plurality
of authentication packets to be sent to authenticate among users.

16. (Currently amended): A system of establishing a secure link between a
first machine and multiple services on a second machine, comprising:

a subsystem to filter traffic so that traffic from each service is separate, the
subsystem comprising a policy module and an Internet Key Exchange (IKE)
module adapted to provide User Mode negotiations in order to establish a secure

wherein the subsystem generates and associates a Security Association 
(SA) with at least one filter corresponding to the user and the service and employs 
the SA to establish the secure link. 



17. (Original): The system of claim 16, wherein the subsystem further comprises 
an Internet Key Exchange module and a policy module to generate and associate the 
security association. 

18. (Original): The system of claim 17, wherein the policy module is configured 
via Internet Protocol Security (IPSEC).

19. (Original): The system of claim 18, wherein filters are provided from the
policy module in order to filter traffic associated with the first machine and the second
machine.

20. (Original): The system of claim 19, wherein the first machine filter is
associated with a communications port on the first machine.

21. (Original): The system of claim 20, wherein the second machine determines
filters dynamically to communicate with the filters associated with the first machine.

22. (Currently amended): The system of claim 1 [[4]], wherein the IKE
module is adapted to provide User Mode negotiations in order to establish a secure link 
between the services. 

23. (Original): The system of claim 22, wherein the User Mode negotiation
further comprises an initiator packet including at least one of a user identification 
initiator, a security association attribute, a nonce initiator, a proxy source, and a proxy 
destination. 

24. (Original): The system of claim 23, wherein multiple services are
authenticated on the second machine by utilizing a policy look-up associated with service
information relating to the initiator packet.

25. (Original): The system of claim 24, wherein if a multiple service 
authentication fails, the second machine initiates a User Mode negotiation. 



26. (Currently amended): A method of establishing a secure link among
multiple users on a single machine with a remote machine, comprising the steps of:

filtering traffic so that traffic from each user is separate;

utilizing an Internet Key Exchange (IKE) module and a policy module, the
IKE module providing User Mode negotiations to establish a secure link among users;

negotiating and authenticating a Security Association (SA) with at least 
one filter corresponding to the user and the traffic; and 
employing the SA to establish the secure link. 



27. (Currently amended): A method of establishing a secure link between a 
first machine and multiple services on a second machine, comprising the steps of: 

filtering traffic so that traffic from each service is separate; 

employing a policy module and an Internet Key Exchange (IKE) module 
to provide User Mode negotiations to establish a secure link among users;

negotiating and authenticating a Security Association (SA) with at least
one filter corresponding to the services and the traffic; and

employing the SA to establish the secure link. 

28. (Currently amended): A system for establishing a secure link among
multiple users on a single machine with a remote machine, comprising: 

means for filtering traffic so that traffic from each user is separate; 
means for utilizing a policy module and an Internet Key Exchange (IKE) 
module adapted to provide User Mode negotiations in establishing a secure link 

means for negotiating and authenticating a Security Association (SA) with 
at least one filter corresponding to the user and the traffic; and 
means for employing the SA to establish the secure link. 

29. (Currently amended): A system of establishing a secure link between a 
first machine and multiple services on a second machine, comprising: 

means for filtering traffic so that traffic from each service is separate; 
means for employing a policy module and an Internet Key Exchange 
(IKE) module to provide User Mode negotiations to establish a secure link among 

means for negotiating and authenticating a Security Association (SA) with 
at least one filter corresponding to the services and the traffic; and 
means for employing the SA to establish the secure link. 

30. (Currently amended): A computer readable medium having stored thereon
computer executable components, comprising:

a component to filter traffic between a first machine, having multiple
users, and a second machine so that traffic for the first machine is separated in
accordance with the respective users; and

a component to generate and associate a Security Association (SA) with at
least one filter, corresponding to at least one of the users and the respective traffic,
and employs the SA to establish a secure link between the first and second
machines, the component employing a policy module and an Internet Key
Exchange (IKE) module adapted to provide User Mode negotiations in order to
establish a secure link among users.



31. (Currently amended): A data packet adapted to be transmitted between at
least two processes, comprising:

a first component to filter traffic between a first process, associated with
multiple users, and a second process so that traffic for the first process is
separated in accordance with the respective users; and

a second component to generate and associate a Security Association (SA)
with at least one filter, corresponding to at least one of the users and the
respective traffic, and employs the SA to establish a secure link between the first
and second processes, the second component utilizing a policy module and an
Internet Key Exchange (IKE) module adapted to provide User Mode negotiations
in order to establish a secure link among users.

32. (Currently amended): A computer readable medium having stored thereon
computer executable components, comprising:

a component to filter traffic between a first machine, having multiple
services, and a second machine so that traffic for the first machine is separated in
accordance with the respective services; and

a component to generate and associate a Security Association (SA) with at
least one filter, corresponding to at least one of the services and the respective
traffic, and employs the SA to establish a secure link between the first and second
machines, the component further comprising a policy module and an Internet Key
Exchange (IKE) module adapted to provide User Mode negotiations in order to
establish a secure link among users.

33. (Currently amended): A data packet adapted to be transmitted between at
least two processes, comprising:

a first component to filter traffic between a first process, associated with
multiple services, and a second process so that traffic for the first process is
separated in accordance with the respective services; and

a second component to generate and associate a Security Association (SA)
with at least one filter, corresponding to at least one of the services and the
respective traffic, and employs the SA to establish a secure link between the first
and second processes, the second component including a policy module and an
Internet Key Exchange (IKE) module adapted to provide User Mode negotiating
in order to establish a secure link among users.

34. (Original): The data packet of claim 33, wherein at least one of the processes is
executed by a distributed processing system.